A mid-sized investment banking firm wanted to protect itself from cyberthreat exposure and secure its business-critical assets. The company wanted a transparent and sustainable cyber security management solution that provided continuous monitoring and identification of unusual cyber activity.
The information technology (IT) group had limited resources and lacked experience in the cyber security domain. With a family culture based on a high level of trust, they are relatively ‘risk averse’. The firm has been transforming itself from a boutique family-oriented company into a significant player within the financial investment industry. However, employees have been accustomed to an open and collaborative environment.
Therefore, network connections for employees are not restrictive. With the introduction of expanded Wi-Fi and bring your own device (BYOD) strategies, the number and types of devices connecting to the network have been growing rapidly.
Limited administrative and managerial security controls meant that our client lacked the necessary network visibility for determining the likely occurrence of security events and their potential impact on the business. There was a need for a transparent and sustainable cyber security management solution that provided continuous monitoring and identification of unusual network behavior.
Marlabs proposed to convert operational security and cyber threat management metrics into actionable business intelligence using NIKSUN NetDetectors backed by Marlabs cyber security analysis expertise. As a first step in assessing the security posture of the firm’s network, Marlabs performed a comprehensive Network Vulnerability Assessment (NVA) that addressed the following areas:
- External/internal vulnerability
- Wireless security
- Social engineering
- Mobile device security strategy
After reviewing our NVA report and gaining new insight into their security posture, the client entered the next phase of enhancing their cyber visibility by signing up for Marlabs Cyber Threat Management Services (CTMS). CTMS comprises 24/7, near real-time customized anomaly identification, warnings, and alerts; cyber security incident management and response capabilities; and vulnerability management through periodic assessment and tracked remediation.
Installation of two NIKSUN NetDetector devices to continuously monitor the network established a customized, integrated, and sustainable cyber security strategy for protecting the investment firm’s critical information assets.
This solution accomplished the following objectives:
- Provided security intelligence by establishing CTMS for the firm
- Installed NIKSUN NetDetector appliances at two locations
- Developed the firm’s network profile using results of the NVA and data collected by NIKSUN NetDetectors
- Reduced the risk of security breaches by creating customized NetDetector rules for the network to reduce ‘false positives’ and generate ‘meaningful alerts’ pertaining to the firm’s security posture
- Enhanced the ability to perform predictive analysis on anomalous network activity (blacklisted IPs, blacklisted geographical destinations, unusual spikes in network activity)
- Continuously tweaked 24x7x365 SOC monitoring indicators, warnings, and alerts to meet the client’s unique and dynamic business needs
- Performed ongoing vulnerability management through quarterly assessments including analysis and trending
- Documented cyber security incident response plans and performed triage functions
- Produced a security control gap analysis and a customized snapshot of the organization’s current security posture
- Established a security plan roadmap for sustainable cyber security strategy improvement
- Reduced overall cyber risk by decreasing the time taken to identify and respond to anomalous network activity
- Narrowed threat vectors by performing periodic vulnerability assessments and supporting timely remediation
The Marlabs comprehensive solution, combined with the NIKSUN NetDetector’s intelligent monitoring, alerting, and forensic capabilities, provided the client with a complete and secure cyber defense mechanism against malware, security breaches, and network performance problems.
The client’s cyber security perimeter was transformed from a lack of network visibility and open security vulnerabilities to a safe and secure network environment that protected all of their critical business assets, now and in the years to come.